If the end points are not secure, it does not matter how pretty the code is or how strong the cryptographic primitives are. So what is the use of pretending to offer people real privacy?
These people need to start over and get away from the iPhone and from Android as the places to encrypt and decrypt.
Yes, Signal has done impressive work, they have been repeatedly recommended by Snowden, and we even hear, from illegally-disclosed NSA documents, that the NSA regarded Signal as a major threat in 2012. From those same documents we learned that TAILS, TOR, and TrueCrypt were regarded as even more dangerous, as catastrophic. So why the difference in threat level? What is the difference between “major threat” and “catastrophic”? Isn’t it reasonable to guess that the difference is between subvertible and we-can’t-own-it? In other words, if it were an inaccessible system to the U.S. in its actual employment, I think we would be hearing the FBI scream.